M7/D6 gate CLAIMED: rotation doc + redaction; M6.5 PASS recorded
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -104,8 +104,13 @@ Two single-writer sections (§6.1): Builder edits only `## Build backlog`; Adver
|
||||
held (per-recipe tests/<recipe>/ + recipe_meta EXTRA_ENV only). Awaiting Adversary.
|
||||
|
||||
### M7 — Secrets hardening (D6)
|
||||
- [ ] Full sops model, rotation doc, log redaction + leak test
|
||||
- [ ] Gate: M7 — secret-grep finds nothing
|
||||
- [x] Full sops model + rotation doc (docs/secrets.md: 3 classes, decryption chain, rotation per
|
||||
class) + log redaction filter (run_recipe_ci masks /run/secrets/* values in stage output,
|
||||
live-streaming preserved). Adversary leak scans clean (baseline + recipe-CI logs).
|
||||
- [x] Gate: M7 — secret-grep finds nothing → **CLAIMED 2026-05-27**. No-plaintext: harness never
|
||||
prints secrets, abra doesn't echo generated ones, reconciles redirect secret-gen to /dev/null,
|
||||
dashboard shows status only; redaction filter as belt-and-suspenders. Awaiting Adversary
|
||||
(re-grep published logs + dashboard; optionally follow a rotation procedure).
|
||||
|
||||
### M8 — Dashboard (D7)
|
||||
- [x] Overview page + badges: dashboard/dashboard.py + modules/dashboard.nix — live at
|
||||
|
||||
@ -6,10 +6,10 @@ GREEN through Drone (build #39). Next: enroll recipes 3–6 (remaining D10 categ
|
||||
**In-flight:** M6.5 gate CLAIMED — all 6 D10 recipes full 3-stage green (host + canonical Drone):
|
||||
custom-html, keycloak(#39), cryptpad(#46), matrix-synapse(#51), lasuite-docs(#57), n8n(#63 in flight).
|
||||
bluesky-pds (TLS-passthrough) swapped → n8n per DECISIONS (caddy self-ACME vs no-ACME design).
|
||||
**M8/D7 dashboard LIVE** at ci.commoninternet.net (overview + badges, 6 recipes; /hook still bridge).
|
||||
Next unblocked (while awaiting Adversary on M6.5): M7 secrets hardening (D6 rotation doc + redaction),
|
||||
M8 PR-comment outcome reflection, M9 docs/reproducibility (D8/D9), and the full
|
||||
single-`!testme`-on-a-recipe-PR E2E (D10/M10).
|
||||
**M6.5 PASS** (Adversary). **M8/D7 dashboard LIVE** (overview + badges, 6 recipes; /hook still bridge).
|
||||
**M7/D6 CLAIMED** (docs/secrets.md rotation doc + log redaction filter; leak scans clean). Next
|
||||
unblocked: M8 PR-comment outcome reflection, M9 docs/reproducibility (D8/D9), and the full
|
||||
single-`!testme`-on-a-recipe-PR E2E (D10/M10 — the Adversary-flagged remaining proof).
|
||||
**Last updated:** 2026-05-27 (M6.5 CLAIMED — 6/6 recipes 3-stage green across all D10 categories)
|
||||
|
||||
## Gate: M6.5 — CLAIMED, awaiting Adversary (2026-05-27)
|
||||
|
||||
Reference in New Issue
Block a user